Step 3: Review information about files and packages

To identify candidates for software signatures, review information about files and packages that exist on the computer where a particular software product is installed.

Candidates for file and package signatures

Most efficient signatures are file-based signatures with constant size that is different for each release or signatures that are based on package data where a wildcard (*) can be used. In both cases, the file and package data should be removed during the product uninstallation or changed during the product upgrade or downgrade.

When you are looking for candidates for such signatures, always check:
  • Whether any product documentation describes methods for determining the product edition and release based on files or package data
  • Whether the product name and version can be unambiguously determined, for example, by the file name
  • Whether there are any component-specific files:
    • Executable files whose version, part of version, or size is specific to the particular release
    • Files whose name or its part is specific to the particular release
    • Files whose content defines the product name and version
    • Other files with constant size, for example, a graphic that contains the product release number
    • Libraries with version or constant size
  • Whether there are application-specific packages
Do not create signatures that are based on:
  • Shared or external libraries
  • Files that can be used by another product
  • File names that are commonly used, for example, readme.txt

Available reports

Use one of the following reports to identify candidates for signatures.
Package Data
The report provides information about the packages that are installed on the computers in your infrastructure. To find a package that can be used as a signature, filter the report to the data from the computer on which the particular software product is installed.
Scanned File Data
The report provides information about files that were detected on the computers in your infrastructure. The files with any file extensions can be used to create software signatures.
Note: To find a file or a package that can be used as a signature, filter the report to the data from the computer on which the particular software product is installed. To further narrow down the results, specify the whole or part of the path to the directory where the software is installed. Then, look at the following columns.
  • Recognized - the column shows whether the file was recognized as part of an existing signature.
  • Caused Detection - the column shows whether the file contained enough information to cause detection of the related software. This column is not enabled by default. For more information, see: Report columns.
If the value in both columns is No, the file is not used for software detection and you can use it to create a new software signature.
Unrecognized Files
The report creates a ranking of files that are most commonly encountered in your computer infrastructure but do not produce matches for any signature. For more information, see: Available reports.